package com.sunrise.gateway.web.core;

import com.sunrise.gateway.commons.Constants;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Service;

@Service
public class AuthEngine {

    /**
     * 认证校验
     */
    public String authentication() {
        Subject subject = SecurityUtils.getSubject();
        if (null == subject.getSession(false)) {
            return Constants.USER_SESSION_INVALID;
        } else if (subject.isAuthenticated()) {
            return com.dap.commons.Constants.ResponseCode.SYS_SUCCESS;
        } else {
            return Constants.USER_NOT_LOGIN;
        }
    }

    /**
     * 授权校验
     */
    public String authorization(String uri) {
        Subject subject = SecurityUtils.getSubject();

        if (subject.isPermitted(uri)) {
            //有资源权限  
            return com.dap.commons.Constants.ResponseCode.SYS_SUCCESS;
        } else {
            //没有权限  
            return Constants.USER_ILLEGAL;
        }
    }

}
